author | 2018-11-07 19:09:01 +0000 | |
---|---|---|
committer | 2018-11-07 19:09:01 +0000 | |
commit | 188261f971cd38befa1c7c6b2989c3590d80f354 (patch) | |
tree | 9f63edaab04f6e1ebef04860ee7c7a075ae16fab | |
parent | unifdef HAVE_SYSID (diff) | |
Add interop test with OpenSSL 1.1. TLS 1.3 should be used automatically
when it becomes available in LibreSSL.
thanks to sthen@ for the new OpenSSL port
-rw-r--r-- | regress/lib/libssl/interop/Makefile | 4 | ||||
-rw-r--r-- | regress/lib/libssl/interop/README | 13 | ||||
-rw-r--r-- | regress/lib/libssl/interop/client.c | 8 | ||||
-rw-r--r-- | regress/lib/libssl/interop/openssl11/Makefile | 32 | ||||
-rw-r--r-- | regress/lib/libssl/interop/server.c | 8 |
5 files changed, 55 insertions, 10 deletions
diff --git a/regress/lib/libssl/interop/Makefile b/regress/lib/libssl/interop/Makefile
index 997cad29499..d89376aaf61 100644
--- a/regress/lib/libssl/interop/Makefile
+++ b/regress/lib/libssl/interop/Makefile
@@ -1,5 +1,5 @@
-# $OpenBSD: Makefile,v 1.1.1.1 2018/11/07 01:08:49 bluhm Exp $
+# $OpenBSD: Makefile,v 1.2 2018/11/07 19:09:01 bluhm Exp $

-SUBDIR = libressl openssl
+SUBDIR = libressl openssl openssl11

 .include <bsd.subdir.mk>
diff --git a/regress/lib/libssl/interop/README b/regress/lib/libssl/interop/README
index d1ecc7e683d..d8847e5ef55 100644
--- a/regress/lib/libssl/interop/README
+++ b/regress/lib/libssl/interop/README
@@ -1,9 +1,10 @@
 Test TLS interoperability between LibreSSL and OpenSSL.

-Implement simple SSL client and server in C. Create four binaries
-by linking them with LibreSSL or OpenSSL. This way API compatibility
-is tested. Connect and accept with netcat to test protocol
-compatibility with libtls.
+Implement simple SSL client and server in C. Create six binaries
+by linking them with LibreSSL or OpenSSL 1.0.2 or OpenSSL 1.1. This
+way API compatibility is tested. Connect and accept with netcat
+to test protocol compatibility with libtls.

-Currently OpenSSL 1.0.2p from ports is used. Plan is to move to
-OpenSSL 1.1 and and test TLS 1.3.
+Currently OpenSSL 1.0.2p and OpenSSL 1.1.1 from ports are used. As
+soon as LibreSSL supports TLS 1.3, it should be used automatically
+when netcat is communicating with OpenSSL 1.1.
diff --git a/regress/lib/libssl/interop/client.c b/regress/lib/libssl/interop/client.c
index 9d56182932d..60fb718fdb4 100644
--- a/regress/lib/libssl/interop/client.c
+++ b/regress/lib/libssl/interop/client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: client.c,v 1.2 2018/11/07 06:29:26 bluhm Exp $ */
+/* $OpenBSD: client.c,v 1.3 2018/11/07 19:09:01 bluhm Exp $ */
 /*
 * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
 *
@@ -65,9 +65,15 @@ main(int argc, char *argv[])
 print_version();

 /* setup method and context */
+#if OPENSSL_VERSION_NUMBER >= 0x1010000f
+ method = TLS_client_method();
+ if (method == NULL)
+ err_ssl(1, "TLS_client_method");
+#else
 method = SSLv23_client_method();
 if (method == NULL)
 err_ssl(1, "SSLv23_client_method");
+#endif
 ctx = SSL_CTX_new(method);
 if (ctx == NULL)
 err_ssl(1, "SSL_CTX_new");
diff --git a/regress/lib/libssl/interop/openssl11/Makefile b/regress/lib/libssl/interop/openssl11/Makefile
new file mode 100644
index 00000000000..b11e08488aa
--- /dev/null
+++ b/regress/lib/libssl/interop/openssl11/Makefile
@@ -0,0 +1,32 @@
+# $OpenBSD: Makefile,v 1.1 2018/11/07 19:09:01 bluhm Exp $
+
+.if ! exists(/usr/local/bin/eopenssl11)
+regress:
+ # install openssl-1.1.1 from ports for interop tests
+ @echo SKIPPED
+.endif
+
+PROGS = client server
+CPPFLAGS = -I /usr/local/include/eopenssl11
+LDFLAGS = -L /usr/local/lib/eopenssl11
+LDADD = -lssl -lcrypto
+DPADD = /usr/local/lib/eopenssl11/libssl.a \
+ /usr/local/lib/eopenssl11/libcrypto.a
+LD_LIBRARY_PATH = /usr/local/lib/eopenssl11
+
+.for p in ${PROGS}
+run-ldd-$p: ldd-$p.out
+ @echo '\n======== $@ ========'
+ # check that $p is linked with OpenSSL 1.1
+ grep -q /usr/local/lib/eopenssl11/libcrypto.so ldd-$p.out
+ grep -q /usr/local/lib/eopenssl11/libssl.so ldd-$p.out
+ # check that $p is not linked with LibreSSL
+ ! grep -v libc.so ldd-$p.out | grep /usr/lib/
+
+run-version-$p: $p.out
+ @echo '\n======== $@ ========'
+ # check that runtime version is OpenSSL 1.1
+ grep 'SSLEAY_VERSION: OpenSSL 1.1' $p.out
+.endfor
+
+.include <bsd.regress.mk>
diff --git a/regress/lib/libssl/interop/server.c b/regress/lib/libssl/interop/server.c
index 6f40c4899ce..0aece87583c 100644
--- a/regress/lib/libssl/interop/server.c
+++ b/regress/lib/libssl/interop/server.c
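Review bot: The `#if OPENSSL_VERSION_NUMBER >= 0x1010000f` guard in main() is also true when building against LibreSSL, whose headers report 0x20000000L, so only the OpenSSL 1.0.2 build takes the `SSLv23_client_method()` branch; that is not obvious to a reader and deserves a comment such as `/* OpenSSL >= 1.1.0 and LibreSSL: version-flexible method; OpenSSL 1.0.2 only has SSLv23_*_method */`. Neither branch sets a protocol floor and nothing visible here records the negotiated version, so a handshake that settles on an older protocol than intended would still pass unless code outside the hunk checks it, for example by printing the result of `SSL_get_version()` after the handshake and matching it in the Makefile. The same two points apply to the matching hunk in server.c. main() begins and ends outside the hunk.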
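Review bot: The `run-ldd-$p` and `run-version-$p` checks are what guarantee these binaries exercise OpenSSL 1.1 rather than the base LibreSSL, and their patterns are looser than they read: the dots are regex wildcards and `'SSLEAY_VERSION: OpenSSL 1.1'` is matched as an unanchored regex. Fixed-string matching states the intent exactly, e.g. `grep -qF /usr/local/lib/eopenssl11/libcrypto.so ldd-$p.out` and `grep -F 'SSLEAY_VERSION: OpenSSL 1.1' $p.out`. `LD_LIBRARY_PATH` is only assigned as a make variable in this file; presumably a shared include outside this hunk passes it into the environment of the test commands, which is worth a one-line comment next to the assignment.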
@@ -1,4 +1,4 @@
-/* $OpenBSD: server.c,v 1.2 2018/11/07 06:29:26 bluhm Exp $ */
+/* $OpenBSD: server.c,v 1.3 2018/11/07 19:09:01 bluhm Exp $ */
 /*
 * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
 *
@@ -69,9 +69,15 @@ main(int argc, char *argv[])
 print_version();

 /* setup method and context */
+#if OPENSSL_VERSION_NUMBER >= 0x1010000f
+ method = TLS_server_method();
+ if (method == NULL)
+ err_ssl(1, "TLS_server_method");
+#else
 method = SSLv23_server_method();
 if (method == NULL)
 err_ssl(1, "SSLv23_server_method");
+#endif
 ctx = SSL_CTX_new(method);
 if (ctx == NULL)
 err_ssl(1, "SSL_CTX_new"); |